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METHOD FOR AUTHORIZATION 

BACKGROUND OF THE INVENTION 
FIELD OF THE INVENTION 

The present invention concerns a method for granting access to restricted 
areas such as computers, doors, vehicles, or other areas to which access by a user is 
controlled . 

DESCRIPTION OF THE RELATED ART 

Computers and mobile telephones are currently used as equipment for carrying 
out transactions and for giving a signature of different types. Furthermore, computers 
are used to an ever greater degree to collect information with different degrees of 
confidentiality. It is often sufficient to log in with a password or a PIN code in order to 
subsequently be able to carry out transactions or to handle information during a limited 
period. This That means that a terminal may might be open for unauthorised use by 
an unauthorized person if it is left unmonitored A or if it is stolen within a certain time 
from the time an authorized user having logged in. 

In order to prevent this that, there are requirements for codes^ or for the use of 
a magnetic card A or what is known as a "smart card" as a means of identification. One 
disadvantage of such systems is that the user often e xp e rioncos thoso considers them 
as awkward burdensome, and as a result of this often seeks to exploit shortcuts, which 
reduces the level of security. 
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One problem with codes is that th o so they can be read by eavesdropp i ng an 
eavesdropper unless the information has been encrypted, which may can create a 
demand for particular software, hardware^ or a password that is to be distributed such 
that it can be used by the user. 

The present invention solves tWs that problem and offers a method m by which 
the identity of a user can be established with high security. 

SUMMARY OF THE INVENTION 

The present invention thus relates to a method for granting access to d e vic e s 
restricted areas such as computers, doors, vehicles,, or other arrang e m e nts areas to 
which access fef by a user is desired , compris i ng th e to be controlled. The method 
includes the transmission of a code over a short-range radio link , and i t i s 
charact e r i s e d i n that an . An access code (an ID-code) is transmitted from a central 
computer using radio waves, to a radio terminal in the possession of the user , i n that 
the . The radio terminal is caus e d to transm i t transmits the said ID-code over the said 
short-range radio link to the said arrang e m e nt, i n that th e said arrang e m e nt or a 
restricted area. A transmitter unit in the said arrang e m e nt is caus e d to transmit 
restricted area transmits the said ID-code to the said central computer, and i n that the 
said central computer i s caus e d to compar e compares the received code with the code 
that the central computer transmitted to the radio terminal. 
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BRIEF DESCRIPTION OF THE DRAWING 

The invention will be described in more detail below , part i a l ly in association 
with th e e mbod i m e nt embodiments of the invention as shown in the attached drawing, 
where wherein 

- Figure 1 shows a block diagram i n ord e r to ill ustrat e th e i nv e nt i on of 
embodiments of an access control system . 

DESCRIPTION OF THE PREFERRED EMBODIMENTS 

The present invention thus concerns a method for granting access fef 
arrang e ments to restricted areas such as computers, doors, vehicles^ or other 
arrang e m e nts areas to which it is desired that a user have access. The invention will 
be described below in association with an e xamp le embodiment in which access to a 
computer is desired^ and also an oxamplo embodiment in which access to a locked 
door is desired. However, the invention can be e xplo i t e d utilized for a ll arrang e m e nts 
other restricted areas to which it is desired to grant access, such as vehicles, 
telephones, etc. 

The method compr i ses includes the transmission to the arrang e m e nt restricted 
area of an ID-code over a short-range radio link. 

According to the invention, an access code (an ID-code) is transmitted from a 
central computer 1 over radio waves to a radio terminal 3 in the possession of the 
user. The radio terminal may can be, for example 1 and preferably is, a mobile 
telephone. It may can, however, for certain applications be constituted by a 
communication radio of the type, for example, that is used by the rescue services. For 
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the example in which the radio terminal is a mobile telephone, the transmission takes 
place over a telephone network 8, via a base station 7 X to the telephone 3 via radio link 

9. 

Furthermore, the radio terminal 3 i s caused to transm i t transmits the sate ID- 
code over th e said a short-range radio link 5 to the said arrang e m e nt restricted area 2, 
as is illustrated by means of the arrow §. 

The sa i d arrang e m e nt restricted areas in the form of a computer 2 [Ml . and a 
door 11, 42 or a transmitter unit m 4. 12 within the said arrang e m e nt is th e r e aft e r 
caus e d to transm i t restricted area transmits the sate ID-code to the sate central 
computer 1 over a computer network 67 10 r4§. 

The sate central computer 1 is subsequently caus e d to compar e compares the 
code that has been received with the code that the central computer transmitted to the 
radio terminal 3. 

A circuit has in this that way been created in which a transmitted code can be 
compared with a received code. In the case that the codes agree with each other, the 
central computer 1 can, in the next stage, b e caus e d to transmit a second code to the 
arrang e m e nt computer 2 that makes it possible for the arrang e m e nt computer to be 
used in the manner intended by the user. 

Since the central computer 1 transmits an ID-code to a c e rta i n particular mobile 
telephone or other radio terminal 3, it can be assumed that the user of this that mobile 
telephone is the person who transmits the ID-code to the sa i d arrang e m e nt computer 
2 over the sate short-range radio link 5. Alternatively, the circuit thus can be used in 
such a manner that a r e g i strat i on comparison of whether the codes agree is made, 
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which in this that way can be assumed to specify that the correct person is using the 
arrang e m e nt computer , or that the use of the arrangement computer is unauthor i s e d 
unauthorized . 

According to one preferred embodiment, the central computer 1 is initiated to 
transmit an ID-code to the radio terminal through 3 as a result of either a transmitting 
device associated with the arrang e m e nt restricted area, or the radio terminal 
transmitting a request for a code to the central computer 1. With respect to the 
arrang e m e nt computer 2, the request can be transmitted over the computer network 6± 
10, 1^ or, with respect to a mobile telephone, over the mobile telephone network 7, 8, 
9. 

It is naturally possible to initiate the said circuit at any freely chosen point, Le. A 

i 

m at the central computer 1 , with at the mobile telephone 3, or in at the arrang e m e nt 
computer 2. 

According to one preferred design, the said short-range radio link 5 is what is 
known as an "RFID" link of known type. Such links work in two directions with two 
transmitting units and two receiving units, or they may can work in one direction only 
such that one unit transmits an e nquiry inquiry signal that is received by, modulated 
by, and reflected by the a second part in the form or of a transponder. The said ID- 
code can, for example, be transmitted in this that manner by means of the modulation. 

According to an alternative preferred embodiment, the said short-range radio 
link 5 is what is known as a "Bluetooth" link. 
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The sa i d arrang e m e nt computer 2, or the door 1 1 A and the said radio terminal 3 
have in both cases a transmitter/receiver unit 3, 4 [[;]] , and 3, 12 . respectively for the 
short range radio link. 

According to one preferred d e s i gn embodiment the said radio terminal 3 is a 
mobile telephone compris i ng constituting one part of the said short-range radio link. 
The radio terminal 3 is preferably a mobile telephone with an integral Bluetooth 
function. 

A Bluetooth module is thus built into the arrangem e nt computer 2, and the door 
11. It is also possible to use another radio technology^ such as WLAN (Wireless Local 
Area Network). However, it is important that the range of the radio link oaf* be made 
sufficiently short, independently of the technology used, in order to activate access to 
only the arrang e m e nts restricted areas that are intended. 

According to one oxamp l o embodiment the said arrang e m e nt restricted area is 
a computer (2) 2 or a computer terminal to which access is required. 

In th i s d e sign that embodiment , the user can request via the computer 2 a code 
from the central computer 1 in order to be able to use the computer 2. This That 
request can contain the I D numb e r ID-code of the user. The central computer 1 thus 
transmits a the code to the mobile telephone 7 3 of the user, which subsequently 
transmits the code over the short range radio link 5 to the computer 2. The computer 
2 transmits the code to the central computer 1 . The central computer in this that way 
receives confirmation that the correct code has been received by the computer 2, 
whereby the user can use the computer 2 in the manner that is granted by the said 
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code. This may That can be a question of full or limited use, such as carrying out 
financial transactions. 

According to a second e xampl e embodiment , the sa i d arrang e m e nt restricted 
area to which access is to be authorized is a door 1 1 or a gateway to which access is 
required susb so that it can be opened. In this that case it is preferred that the said 
arrang e m e nt compr i s e s restricted area includes a communicator 12 connected by a 
communications link to the central computer 1, which communicator 12 is arranged to 
communicate with the said radio terminal 3 over a short distance using an RFID link or 
a b l u e tooth Bluetooth link as short range radio link 13 . 

According to th i s example that second embodiment , it may can be a question of 
rescue personnel being equipped with a radio terminal 3 in the form of a mobile 
telephone with an integral RFID link or b l u e tooth a Bluetooth link as short range radio 
link 13. The communicator 12 is also equipped with such a link. When a fire-fighter, 
for example, wishes to open the door, he r i ngs to calls the central computer 1 over the 
telephone network 7, 8, 9 and transmits identifying information about the door that is 
concerned. This The identifying information can tak e p l ac e through be a numerical 
designation or through another unique i d e ntity identifier . 

Alternatively, the telephone 3 communicates through the said short range link 
13 with the communicator whereby the number of the mobile telephone is 
transmitted to the communicator 12. In the latter case, the mobile telephone and door 
identifying information is transmitted from the communicator 12 to the central computer 
1. In both cases, the central computer 1 subsequently transmits a code to the mobile 
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telephone 3 that, once it has received the code, transmits it to the communicator 12 
over the said short range link 13, wh e reby whereupon the door can be opened. 

It is clear that, both in the case with of a computer 2 and in the case with of a 
door 1 1 , that the code can vary with time , i n th e cas e i n which when the central 
computer 1 transmits the code to the radio terminal 3 and to the arrang e m e nt 
respective restricted areas 2; 11. Variation in time makes unauthor i s e d use 
unauthorized acquisition of the code through eavesdropping of th e cod e significantly 
more difficult. 

According to one preferred embodiment the arrang e m e nt communicators 
associated with the restrictive areas 2; 1 1 may can be arrang e d configured to compare 
the codes received from the computer 1 and from the radio terminal 3. 

According to one preferred d e s i gn embodiment , the code transmitted to the 
central computer compr i s e s 1 includes a network address belonging to the 
arrang e m e nt respective restricted area 2; 1 1 . This That means that the arrang e m e nt 
restricted area is identified for the central computer 1, and this that not only facilitates 
the transmission of a code from the central computer 1 to the arrang e m e nt respective 
restricted area , it also increases the security in the system against unauthor i s e d 
unauthorized use. 

According to one d e s i gn embodiment , the system can be used to ensure that, 
for example, the right people enter a meeting room. In this that case, a person's 
transponder^ in the form of an RFID circuit or a blu e tooth Bluetooth circuit in the mobile 
telephone of the person^ is read by a communicator 12 at the door of the room. The 
communicator 12 transmits to the central computer 1 a code that r e f e rs to is 



8- 



1920 

associated with the person's transponder. The central computer 1 transmits a 
temporary code to the mobile telephone 3 of the person, which mobile telephone 
sends the code onwards to the central computer 1 through the communicator 12. A 
circuit has in this that way been created, in which the central computer has information 
about the said temporary code, the person's mobile telephone number coupled to that 
code that was initially read, and the name of the person. 

According to another preferred embodiment^ the said code is used to encrypt 
information that is transmitted from the arrang e m e nt restricted area to the central 
computer. The code can in this that way compris e include an encryption key. This 
That further increases the security against the unauthor i s e d unauthorized use of a 
code that has been read by eavesdropping. 

According to a further preferred embodiment, the sa i d arrang e ment respective 
restricted area 2; 11 compr i s e s includes a reading arrangement in communicators 4; 
12 in order to read biometric data from of the said user 2 and in order to cause the said 
arrang e m e nt communicator in the respective restricted area 2; 1 1 to transmit biometric 
data to the central computer 1. Such biometric data is transmitted to the central 
computer 1 for comparison with reference data previously stored in the central 
compute^ in order to further increase the security that it is the correct person that is 
using the radio terminal 3 or the computer 2. The said reading arrangement 4; 12 for 
reading biometric data frem of the said user may can be a reading arrangement known 
per se of a suitable type, such as for reading fingerprints or the iris of the eye. 

A number of d e s i gn s embodiments have been described above. It is, however, 
clear that the invention can be varied, for example with respect to the location at which 
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the circuit is initiated and started, as can and the number of different arrang e m e nts 
restrictive areas to be accessed and that that form the said circuit can also be varied. 

The present invention, therefore, is not to be seen as limited to the 
embodiments specified above, since the invention can be varied within the scope of 
the attached claims. 
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C l aims. 

What is claimed is: 



